Monitoring temporal properties of continuous signals
In: Proceedings of FORMATS-FTRTFT, Volume 3253 of LNCS, 2004
Cited by 29 (5 self)
Abstract. In this paper we introduce a variant of temporal logic tailored for specifying desired properties of continuous signals. The logic is based on a bounded subset of the real-time logic MITL, augmented with a static mapping from continuous domains into propositions. From formulae in this logic we automatically create property monitors that can check whether a given signal of bounded length and finite variability satisfies the property. A prototype implementation of this procedure was used to check properties of simulation traces generated by Matlab/Simulink.
Regular vacuity
In Proc. 13th Advanced Research Working Conference on Correct Hardware Design and Verification Methods, volume 3725 of Lecture Notes in Computer Science, 2005
Cited by 20 (13 self)
Abstract. The application of model-checking tools to complex systems involves a non-trivial step of modelling the system by a finite-state model and a translation of the desired properties into a formal specification. While a positive answer of the model checker guarantees that the model satisfies the specification, correctness of the modelling is not checked. Vacuity detection is a successful approach for finding modelling errors that cause the satisfaction of the specification to be trivial. For example, the specification “every request is eventually followed by a grant” is satisfied vacuously in models in which requests are never sent. In general, a specification ϕ is satisfied vacuously in a model M if ϕ has a subformula ψ that does not affect the satisfaction of ϕ in M, where “does not affect” means we can replace ψ by a universally quantified proposition. Previous works focus on temporal logics such as LTL, CTL, and CTL*, and reduce vacuity detection to standard model checking. A major feature of recent industrial property-specification languages is their regular layer, which includes regular expressions and formulas constructed from regular
Experimental evaluation of classical automata constructions
In LPAR 2005, LNCS 3835, 2005
Cited by 18 (3 self)
Abstract. There are several algorithms for producing the canonical DFA from a given NFA. While the theoretical complexities of these algorithms are known, there has not been a systematic empirical comparison between them. In this work we propose a probabilistic framework for testing the performance of automata-theoretic algorithms. We conduct a direct experimental comparison between Hopcroft’s and Brzozowski’s algorithms. We show that while Hopcroft’s algorithm has better overall performance, Brzozowski’s algorithm performs better for “high-density” NFA. We also consider the universality problem, which is traditionally solved explicitly via the subset construction. We propose an encoding that allows this problem to be solved symbolically via a model checker. We compare the performance of this approach to that of the standard explicit algorithm, and show that the explicit approach performs significantly better.
Sanity Checks in Formal Verification
In Proc. of CONCUR’06, LNCS, 2006
Cited by 16 (4 self)
Abstract. One of the advantages of temporal-logic model-checking tools is their ability to accompany a negative answer to the correctness query with a counterexample to the satisfaction of the specification in the system. On the other hand, when the answer to the correctness query is positive, most model-checking tools provide no additional information. In the last few years there has been growing awareness of the importance of suspecting the system or the specification of containing an error also in the case where model checking succeeds. The main justification for such suspicion is possible errors in the modeling of the system or of the specification. The goal of sanity checks is to detect such errors by further automatic reasoning. Two leading sanity checks are vacuity and coverage. In vacuity, the goal is to detect cases where the system satisfies the specification in some unintended trivial way. In coverage, the goal is to increase the exhaustiveness of the specification by detecting components of the system that do not play a role in the verification process. For both checks, the challenge is to define vacuity and coverage formally, develop algorithms for detecting vacuous satisfaction and low coverage, and suggest methods for returning helpful information to the user. We survey existing work on vacuity and coverage and argue that, in many aspects, the two checks are essentially the same: both are based on repeating the verification process on some mutant input. In vacuity, mutations are in the specification, whereas in coverage, mutations are in the system. This observation enables us to adopt work done in the context of vacuity to coverage, and vice versa.
Tracechecks: Defining semantic interfaces with temporal logic
Software Composition, 2006
Cited by 15 (4 self)
Abstract. Tracechecks are a formalism based on linear temporal logic (LTL) with variable bindings and pointcuts of the aspect-oriented language AspectJ for the purpose of verification. We demonstrate how tracechecks can be used to model temporal assertions. These assertions reason about the dynamic control flow of an application. They can be used to formally define the semantic interface of classes. We explain in detail how we make use of AspectJ pointcuts to derive a formal model of an existing application and use LTL to express temporal assertions over this model. We developed a reference implementation with the abc compiler showing that the tool can be applied in practice and is memory-efficient. In addition we show how tracechecks can be deployed as Java 5 annotations, yielding a system which is fully compliant with any Java compiler and hiding any peculiarities of aspect-oriented programming from the user. Through annotations, the tracecheck specifications become a semantic part of an interface. Consumers of such a component can then take advantage of the contained annotations by applying our tool and have their use of this component automatically checked at runtime for compliance with the intent of the component provider.
Specification and Verification of Artifact Behaviors in Business Process Models
Cited by 13 (2 self)
Abstract. SOA has influenced business process modeling and management. Recent business process models have elevated data representation to the same level as control flows; for example, artifact-centric business process models allow the life cycle properties of artifacts (data objects) to be specified and analyzed. In this paper, we develop a specification language ABSL based on computation tree logic for artifact life cycle behaviors (e.g., reachability). We show that, given a business model and starting configuration, it can be decided whether an ABSL sentence is satisfied when the domains are bounded, and whether an ABSL-core (a sublanguage of ABSL) sentence is satisfied when the domains are totally ordered but unbounded. We also show that if the starting configuration is not given, ABSL (resp. ABSL-core) is still decidable if the number of artifacts is bounded with bounded (resp. unbounded but ordered) domains.
Resets vs. Aborts in Linear Temporal Logic
, 2003
Cited by 13 (4 self)
There has been a major emphasis recently in the semiconductor industry on designing industrial-strength property specification languages. Two major languages are ForSpec and Sugar 2.0, which are both extensions of Pnueli's LTL. Both
Typeness for ω-Regular Automata
International Journal of Foundations of Computer Science
Cited by 12 (8 self)
We introduce and study three notions of typeness for automata on infinite words. For an acceptance-condition class γ (that is, γ is weak, Büchi, co-Büchi, Rabin, or Streett), deterministic γ-typeness asks for the existence of an equivalent γ-automaton on the same deterministic structure, nondeterministic γ-typeness asks for the existence of an equivalent γ-automaton on the same structure, and γ-powerset-typeness asks for the existence of an equivalent γ-automaton on the (deterministic) powerset structure, the one obtained by applying the subset construction. The notions are helpful in studying the complexity and complication of translations between the various classes of automata. For example, we prove that deterministic Büchi automata are co-Büchi type; it follows that a translation from deterministic Büchi to deterministic co-Büchi automata, when one exists, involves no blow-up. On the other hand, we prove that nondeterministic Büchi automata are not co-Büchi type; it follows that a translation from nondeterministic Büchi to nondeterministic co-Büchi automata, when one exists, must be more complicated than just redefining the acceptance condition. As a third example, by proving that nondeterministic co-Büchi automata are Büchi-powerset type, we show that a translation of nondeterministic co-Büchi to deterministic Büchi automata, when one exists, can be done by applying the subset construction. We give a complete picture of typeness for the weak, Büchi, co-Büchi, Rabin, and Streett acceptance conditions, and discuss its usefulness.
Deterministic Dynamic Monitors for Linear-Time Assertions
In Proceedings of International ICSC Symposium on Multi-Agents and Mobile Agents in Virtual Organizations and E-Commerce (MAMA'2000), 2006
Cited by 9 (4 self)
We describe a framework for dynamic verification of temporal assertions based on assertion compilation into deterministic automata. The novelty of our approach is that it allows efficient dynamic verification of general linear temporal formulas written in formal property specification languages such as LTL, ForSpec, PSL, and SVA, while the existing approaches are applicable to limited subsets only. We also show an advantage of the described framework over industrial simulators, which typically use transaction-based verification. Another advantage of our approach is its ability to use deterministic checkers directly for hardware emulation. Finally, we compare the deterministic compilation with the OBDD-based on-the-fly simulation of deterministic automata. We show that although the OBDD-based simulation method is much slower, the two methods may be efficiently combined for hybrid simulation, when the RTL signals in assertions are mixed with symbolic variables.
An Abstraction Algorithm for the Verification of Level-sensitive Latch-based Netlists
, 2003
Cited by 8 (7 self)
High-performance hardware designs often intersperse combinational logic freely between level-sensitive latch layers (wherein each layer is transparent during only one clock phase), rather than utilizing master-slave latch pairs with no combinational logic between them. While such designs may generally achieve much faster clock speeds, this design style poses a challenge to verification. In particular, unless the k-phase netlist N is abstracted to a full-cycle register-based netlist N', verification of N requires k times (or more) as many state variables as would be necessary to obtain equivalent verification of N'. We present algorithms to automatically identify and abstract k-phase netlists, i.e., to perform phase abstraction, by selectively eliminating latches. The abstraction is valid for model checking CTL∗ formulae which reason solely about latches of a single phase. This algorithm has been implemented in the model checker RuleBase, and used to enhance the model checking of IBM’s Gigahertz Processor, which would not have been feasible otherwise due to computational constraints. This abstraction has furthermore allowed verification engineers to write properties and environments more efficiently.